Log4j2 vulnerability mitigation - JndiLookup Removal

Hi All,
We are working on mitigating the Log4j2 vulnerability by removing the JndiLookup class as described here:

We are using version 7.9.2 for all ELK components and currently we can't upgrade to newer version.
My question, is the JndiLookup being used by logstash ? Is there any impact expedted if it was removed or it is safe to remove it?
Thanks a lot

Not unless you have configured your log4j2.properties to contain a JNDI lookup. (This would be very unusual, and is definitely not something you could do by accident.)

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.